﻿using System.Web.Mvc;
using System.Web.Security;
using ViewModel;

namespace MvcEngine.Areas.Profile.Controllers
{
    public class LogonController : Controller
    {
        [HttpGet]
        public ActionResult Index()
        {
            return View();
        }

        [HttpPost]
        public ActionResult Index(LogOnModel model, string returnUrl)
        {
            if (!ModelState.IsValid || !WebSecurity.)
            {
                return View(model);
            }

            if (!Membership.ValidateUser(model.UserName, model.Password))
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
                return View(model);
            }

            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            if (!Url.IsLocalUrl(returnUrl) || returnUrl.Length <= 1 || !returnUrl.StartsWith("/") || returnUrl.StartsWith("//") || returnUrl.StartsWith("/\\"))
            {
                return RedirectToAction("Index", "Home");
            }

            return Redirect(returnUrl);
        }

        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();

            return RedirectToAction("Index", "Home");
        }
    }
}
